Don’t make it public. Give it a private IP address. Put it behind SSO and VPN.

Easiest option will be to modify the subnet inbound settings and whitelist whoever you want accessing the service. I mean whitelisting their IP. Another option will be to use a VPC tunnel(